Oval Definition:	oval:org.opensuse.security:def:201717434
Revision Date: 2022-09-02 Version: 1 Title: CVE-2017-17434 Description: The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-17434 SUSE-SU-2018:0117-1 SUSE-SU-2018:0118-1 openSUSE-SU-2018:0101-1 Mitre CVE-2017-17434 SUSE CVE-2017-17434 SUSE-SU-2018:0117-1 SUSE-SU-2018:0118-1 openSUSE-SU-2018:0101-1 Platform(s): openSUSE Leap 42.2 openSUSE Leap 42.3 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 42.2 is installed AND Package Information rsync-3.1.0-7.3.1 is installed AND rsync is signed with openSUSE key Definition Synopsis openSUSE Leap 42.3 is installed AND Package Information rsync-3.1.0-10 is installed AND rsync is signed with openSUSE key Definition Synopsis SUSE Linux Enterprise Server 11 SP4 is installed AND rsync-3.0.4-2.53.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP3 is installed AND rsync-3.1.0-13.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND rsync-3.1.0-13.7.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND rsync-3.1.0-13.7 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND rsync-3.1.0-13.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND rsync-3.1.0-13.7 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed AND rsync-3.0.4-2.53.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP2 is installed OR SUSE Linux Enterprise Desktop 12 SP3 is installed OR SUSE Linux Enterprise Server 12 SP2 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP4 is installed AND rsync-3.1.0-13.13.3 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP2 is installed OR SUSE Linux Enterprise Desktop 12 SP3 is installed AND rsync-3.1.0-13.7.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP2 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3-TERADATA is installed AND rsync-3.0.4-2.53.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP3-TERADATA is installed OR SUSE Linux Enterprise Server 11 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA is installed OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed AND rsync-3.0.4-2.53.3 is installed OR Package Information SUSE Linux Enterprise Server 11 SP1-TERADATA is installed OR SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA is installed AND rsync-3.0.4-2.48.4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP2 is installed OR SUSE Linux Enterprise Desktop 12 SP3 is installed OR SUSE Linux Enterprise Server 12 SP2 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13 is installed OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed AND rsync-3.1.3-1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP2 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13 is installed OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed AND rsync-3.1.3-1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP2 is installed OR SUSE Linux Enterprise Desktop 12 SP3 is installed OR SUSE Linux Enterprise Server 12 SP2 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7 is installed OR Package Information SUSE Linux Enterprise Desktop 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13 is installed OR Package Information SUSE Linux Enterprise High Performance Computing 12 SP5 is installed OR SUSE Linux Enterprise Server 12 SP5 is installed AND rsync-3.1.3-1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP1-TERADATA is installed AND rsync-3.0.4-2.48.4.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP3-TERADATA is installed AND rsync-3.0.4-2.53.3.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 11 SP4 is installed AND rsync-3.0.4-2.53.3.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND rsync is affected OR Package Information SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13.3 is installed OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed AND rsync-3.1.3-1.19 is installed OR Package Information SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND rsync-3.1.0-13.7.1 is installed OR Package Information SUSE Linux Enterprise Server 12 SP2 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND rsync-3.1.0-13.7.1 is installed Definition Synopsis Release Information SUSE OpenStack Cloud 8 is installed OR SUSE OpenStack Cloud Crowbar 8 is installed AND rsync is affected OR Package Information SUSE Linux Enterprise Server 12 SP3 is installed AND rsync-3.1.0-13.7.1 is installed Definition Synopsis Release Information SUSE OpenStack Cloud 9 is installed OR SUSE OpenStack Cloud Crowbar 9 is installed AND rsync is affected OR Package Information SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 12 SP5 is installed OR SUSE Linux Enterprise Server 12 SP5 is installed AND rsync-3.1.3-1.19 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13.3 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND rsync is affected OR Package Information SUSE Linux Enterprise Desktop 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed AND rsync-3.1.0-13.13.3 is installed
BACK